On 13-08-08 09:11 AM, Martin Albisetti wrote:
> On Thu, Aug 8, 2013 at 9:57 AM, Marc Deslauriers
> <[email protected]> wrote:
>> On 13-08-08 08:39 AM, Roberto Alsina wrote:
>>> Also, there is no plan whatsoever to display package signing errors because (I
>>> remember this too ;-) the signature would only be checked on upload, and then
>>> we'd trust that we are getting the packages securely via HTTPS.
>>
>> I don't think HTTPS is enough to be secure. We need to sign the package checksum
>> with some sort of store key.
>
>
> Do you think having split out the signature into the index metadata
> and verifying that the downloaded file matches with that would be an
> equal enough approach?

If I'm understanding your approach correctly, yes.

Ie:

1- Ship an appstore key on the device
2- server creates signature for uploaded packages, and stores with metadata that gets downloaded
3- package installer verifies package signature located in metadata with appstore key

Marc.

--
Mailing list: https://launchpad.net/~ubuntu-appstore-developers
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~ubuntu-appstore-developers
More help   : https://help.launchpad.net/ListHelp
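
The three steps listed in the message above, sketched with the openssl command line as an added example (not part of the thread and not the app store's own code). RSA with SHA-256, the file names and the `name=`/`signature=` metadata layout are assumptions made for illustration.

```sh
#!/bin/sh
# Added example; file names and the metadata layout are hypothetical.
# Function bodies are subshells, so `exit` only leaves the function.
set -u

# Store, once: create the appstore key pair. Only the public half
# ships on devices (step 1).
store_keygen() (   # $1 = private key out, $2 = public key out
    openssl genrsa -out "$1" 2048 2>/dev/null || exit 1
    openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
)

# Store, on upload: sign the package's SHA-256 digest and record the
# signature in the index metadata entry, not in the package (step 2).
store_publish() (  # $1 = private key, $2 = package, $3 = metadata out
    sig=$(openssl dgst -sha256 -sign "$1" "$2" | openssl base64 -A)
    [ -n "$sig" ] || exit 1
    printf 'name=%s\nsignature=%s\n' "$(basename "$2")" "$sig" > "$3"
)

# Device, before install: check the downloaded file against the signature
# taken from the metadata, using the shipped public key (step 3).
installer_verify() (  # $1 = public key, $2 = downloaded package, $3 = metadata
    sig=$(sed -n 's/^signature=//p' "$3")
    [ -n "$sig" ] || exit 1                 # no signature in metadata: refuse
    sigfile=$(mktemp) || exit 1
    printf '%s' "$sig" | openssl base64 -d -A > "$sigfile"
    openssl dgst -sha256 -verify "$1" -signature "$sigfile" "$2" >/dev/null 2>&1
    rc=$?
    rm -f "$sigfile"
    exit "$rc"
)

demo() (
    d=$(mktemp -d) || exit 1
    store_keygen "$d/store.key" "$d/appstore.pub" || exit 1
    printf 'constructed package contents\n' > "$d/app.pkg"
    store_publish "$d/store.key" "$d/app.pkg" "$d/index.meta" || exit 1
    installer_verify "$d/appstore.pub" "$d/app.pkg" "$d/index.meta" && echo "as uploaded: install"
    printf 'x' >> "$d/app.pkg"              # file changed after the store signed it
    installer_verify "$d/appstore.pub" "$d/app.pkg" "$d/index.meta" || echo "modified: refuse"
    rm -rf "$d"
)
demo
```

In this sketch the signature covers only the package bytes; the `name=` field in the metadata entry is not authenticated by it.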

